v6.1.3.0

Change log: https://roxy-wi.org/changelog.py#6_1_3

app/scripts/ansible/roles/nginx_common/templates/nginx.conf.j2

@@ -4,7 +4,10 @@ worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
 
-
+{% if ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS' %}
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+{% endif %}
 events {
     worker_connections  1021;
 }

app/scripts/ansible/roles/waf/tasks/main.yml

@@ -78,6 +78,7 @@
           - libtool
           - make
           - gcc-c++
+          - git
         state: latest
       when:
         - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
@@ -101,6 +102,7 @@
           - automake
           - g++
           - make
+          - git
         state: present
       when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
       environment:
@@ -129,7 +131,7 @@
 
     - name: Set ModSec src foleder
       set_fact:
-        mod_sec_src: /tmp/modsecurity-{{ modsec_ver }}
+        mod_sec_src: /tmp/modsecurity/modsecurity-{{ modsec_ver }}
 
     - name: Re configure Modsecurity
       become: true
@@ -160,11 +162,6 @@
         - standalone/
         - apache2/
 
-    - name: Install git
-      package:
-        name: git
-        state: present
-
     - name: Git clone spoa-modsecurity
       command: chdir=/tmp/ git clone https://github.com/haproxy/spoa-modsecurity.git
 
@@ -265,12 +262,10 @@
 
     - name: Copy owasp files
       copy:
-        src: "/tmp/owasp-modsecurity-crs-2.2.9/{{ item }}"
-        dest: /tmp/owasp-modsecurity-crs-2.2.9
+        src: "/tmp/owasp-modsecurity-crs-2.2.9/owasp-modsecurity-crs-2.2.9/{{ item }}"
+        dest: "{{ HAPROXY_PATH }}/waf/rules"
         remote_src: yes
       with_items:
-        - owasp-modsecurity-crs-2.2.9/
-        - activated_rules/
         - base_rules/
         - experimental_rules/
         - optional_rules/
@@ -278,7 +273,7 @@
 
     - name: Copy Modsec crs conf file
       copy:
-        src: /tmp/owasp-modsecurity-crs-2.2.9/modsecurity_crs_10_setup.conf.example
+        src: /tmp/owasp-modsecurity-crs-2.2.9/owasp-modsecurity-crs-2.2.9/modsecurity_crs_10_setup.conf.example
         dest: "{{ HAPROXY_PATH }}/waf/rules/modsecurity_crs_10_setup.conf"
         remote_src: true
 
@@ -346,7 +341,7 @@
         state: absent
       with_items:
         - /tmp/modsecurity.tar.gz
-        - "/tmp/modsecurity-{{ modsec_ver }}"
+        - "{{ mod_sec_dir }}"
         - "/tmp/haproxy-{{ VERSION }}"
         - /tmp/owasp.tar.gz
         - /tmp/owasp-modsecurity-crs-2.2.9

app/scripts/ansible/roles/waf_nginx/tasks/main.yml

@@ -5,8 +5,6 @@
       set_fact:
         ansible_port: "{{SSH_PORT}}"
 
-#    - debug: msg="{{ ansible_facts }}"
-
     - name: Check that WAF has been installed
       stat:
         path: "{{ NGINX_PATH }}/waf/modsecurity.conf"
@@ -53,6 +51,7 @@
           - libevent-dev
           - libpcre3-dev
           - libxml2-dev
+          - libssl-dev
           - gcc
           - libpcre3-dev
           - libcurl4-nss-dev
@@ -62,11 +61,8 @@
           - autoconf
           - g++
           - make
-          - openssl-dev
           - libxslt-dev
-          - gd-dev
           - perl-modules
-          - libmodsecurity3
           - libgeoip-dev
           - libfuzzy2
         state: present
@@ -79,8 +75,6 @@
       ansible.builtin.get_url:
         url: "http://repo.roxy-wi.org/modsec/modsecv3.0.7-{{ ansible_facts.distribution | lower }}{{ ansible_facts.distribution_major_version }}.tar.gz"
         dest: /usr/local/modsecv3.tar.gz
-      when:
-        - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
 
     - name: Untar ModSec
       unarchive:
@@ -221,4 +215,4 @@
         - /tmp/nginx-connector
         - /tmp/OWASP.tar.gz
         - /usr/local/modsecv3.tar.gz
-#        - "/tmp/coreruleset-{{ coreruleset_ver }}"
+        - "/tmp/coreruleset-{{ coreruleset_ver }}"